WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2010-09-07 18:00
Updated : 2024-02-04 17:54
NVD link : CVE-2010-3259
Mitre link : CVE-2010-3259
CVE.ORG link : CVE-2010-3259
JSON object : View
Products Affected
apple
- iphone_os
- safari
webkitgtk
- webkitgtk
canonical
- ubuntu_linux
- chrome
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor